Netgate Discussion Forum

    PfSense on 3 Servers (3 Sites VPN)

    Category: Problems Installing or Upgrading pfSense Software
    • ChrisDudley

      Hello All,

      First time poster! (Yay!?)

      I'm interested in rolling out pfSense over our network. We currently have 4 servers in play (not really used much for anything right now); 3 of those are the same (quad-core Xeon, 16 GB DDR3, 8 TB storage), whereas the 4th is a god amongst the others (8-core, 32 GB DDR3, 32 TB storage).

      I'm planning on placing 1 server at each location, the 4th / "god" being at the main site for DHCP, Active Directory, etc… Each of those 3 similar servers will be running pfSense at each location.

      My main question (I searched the forums, either inputting the wrong term or something) is do I have the ability with pfSense to have a sort of central command or management? Whereas I can make a change at one location and it blanket the entire network vs. configuring the same settings each time on every one?

      Also, in terms of VPN... is VPN built-in to pfSense or is a third-party required? I'm open to suggestions of 3rd party if that is the case.

      If you have any input as to how you would work with this setup, I'm more than happy to hear any suggestions.

      Thank you in advance!

      • phil.davis

        There has been talk about a central config management system for some time, but so far nothing has actually happened. So you have to do settings on each system individually.

        VPN is built-in - OpenVPN or IPsec for site-to-site secure connections, or road warrior connecting back in…

        I assume you will run pfSense in a VM on that hardware, and also use it as a server/s.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • ChrisDudley

          @phil.davis:

          There has been talk about a central config management system for some time, but so far nothing has actually happened. So you have to do settings on each system individually.

          VPN is built-in - OpenVPN or IPsec for site-to-site secure connections, or road warrior connecting back in…

          I assume you will run pfSense in a VM on that hardware, and also use it as a server/s.

          Each system individually is a drag, maybe I can (since the 3 servers I'm going to use match up perfectly) set things up how I want it the first time (for the most part at least) and just clone the drive over to each one? (The WAN IP would differ, but I'm sure the Config will let me change that after the fact) Or do you see a complication with doing this?

          Also, I was thinking pfSense would be more optimal or provide better security alone vs. being on a VM, would it not? That would be an interesting discussion to have. Being that this is a school and records are kept (for the most part) locally, I'd love to keep it as secure as possible from any intrusion.

          • Derelict (LAYER 8, Netgate)

            If you have the same config (or at least the same starting point) on the same hardware just connect to 192.168.1.1 and upload the config. Done.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
